Newsletters: Newsbites

SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Plus Barcelona, Amsterdam, Brisbane, London and Austin all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php


THE REST OF THE WEEK'S NEWS

Internet Still Disconnected at Oak Ridge (April 25, 2011)

Employees at the US Department of Energy's Oak Ridge National Laboratory remain without Internet access following the detection of a spear phishing attack that left a lab network infected with malware. Email and Internet access were suspended on April 15; email was restored on April 19. A lab spokesperson said that they are "being cautious, since the whole purpose of the malware is to exfiltrate data."
-http://gcn.com/articles/2011/04/25/oak-ridge-internet-access-still-down.aspx?admgarea=TC_SECCYBERSSEC
[Editor's Note (Northcutt): Good for Oak Ridge! Anyone can get stuck by malware, but they found the problem (how often does that happen?) and then took significant defensive action. ]

FBI Raids Home of Suspected Illegal Filesharer (April 25, 2011)

The FBI has raided the apartment of an individual believed to have uploaded several movies to The Pirate Bay that were playing only in theaters at the time. The person has been identified as Wes DeSoto, a member of the Screen Actors Guild and the owner of a clothing shop. DeSoto was pegged as the culprit because the copies of the films he viewed had unique watermarks. Members of the Guild were provided iTunes codes that allowed them to access the screening copies of films nominated for awards. No charges have been filed.
-http://www.wired.com/threatlevel/2011/04/kings-speech-uploader/

Sony Has No Estimate for Restoration of PlayStation Network (April 25, 2011)

Sony's PlayStation Network (PSN) was taken offline to allow the company to investigate an intrusion. The system remained unavailable as of Monday morning; it has been inaccessible for five days. PSN has more than 70 million accounts around the world. Users can download games, music and movies through the system and can play games online with friends. Sony says it is "rebuilding" the PSN to protect it from future attacks. The company has not yet determined if any customer information was stolen.
-http://www.bbc.co.uk/news/technology-13169518
-http://www.computerworld.com/s/article/9216122/Sony_rebuilding_PlayStation_Network_after_attack?taxonomyId=17
[Editor's Note (Paller): You are seeing the visible manifestation of the continuing conflict between accessibility and speed to market on the one hand and security on the other. Sony has to let everyone in -- that's the business model. And they have to continually innovate -- that's the survival strategy. New software has holes. Sony has IT architects and programmers with limited skills in making sure the designs are secure and the code is secure (and limited corporate visibility into the level of security skills of the IT architects and developers). Lack of security skills in the IT architects and software developers creates catastrophes waiting to happen. ]

Quiet Progress in Securing Federal Systems (April 22, 2011)

White House Cybersecurity coordinator Howard Schmidt has no interest in making headlines, but instead is working steadily and quietly to improve the security of federal computer systems. The understated stance of the office has led some to question the importance the Obama administration affords cyber security. Public perception may rely on the volume of initiatives and policymaking to come out of an office, but Schmidt explains that once policy has been established, it needs to become operational.
-http://www.federalnewsradio.com/index.php?nid=35&sid=2355677
[Editor's Note (Pescatore): It is good to see effort behind the scenes to improve operational security prioritized over buzz and hype. ]

Hiding Files on Hard Drives Without Encryption (April 21, 2011)

Researchers have devised a method of hiding data on hard drives without using encryption. The technique allows a 20-megabyte message to be hidden on a 160-gigabyte hard drive. The technique involves storing clusters of the file to be hidden in places on the disk determined by a code, which would need to be known by the person receiving the disk. To an inspector, the disk would look like any other disk on which data have been stored and deleted in the course of regular use. The technique works as long as none of the files on the disk are modified before it reaches its destination. There are instances in which encryption is not desirable, because the extra data it creates are a giveaway that there's something to be found. This could be the case when someone is trying to smuggle information out of a country with a repressive government.
-http://www.newscientist.com/article/mg21028095.200-covert-hard-drive-fragmentation-embeds-a-spys-secrets.html
[Editor's Note (Pescatore): Every one of these schemes always has a "code" involved, and tends to smell very much like encryption - just done in a non-standard way. There are a lot of examples of home-grown approaches being about as secure as papier-mache. ]

When the American Civil Liberties Union (ACLU) made a Freedom of Information Act (FOIA) request for documents containing information to help them determine if Michigan State Police were violating Fourth Amendment rights, they were told it would cost more than half a million dollars. The issue centers on the use of a data extraction device used by police. The device is capable of scraping data from phones in less than two minutes. The ACLU of Michigan is trying to determine whether police violated people's Fourth Amendment rights by taking those data without search warrants. The Michigan State Police has issued a statement regarding allegations of their abuse of data extraction devices. The statement says there have been no allegations of wrongdoing and that "the [Michigan State Police] only uses the [devices] if a search warrant is obtained or if the person possessing the mobile device gives consent, ... [and they] are not being used to extract citizens' personal information during routine traffic stops."
-http://www.networkworld.com/community/blog/state-police-can-suck-data-out-cell-phones-un
-http://www.networkworld.com/community/blog/michigan-state-police-reply-aclu-about-cell-p

Eugene Schultz, Ph.D., CISM, CISSP, GLSC is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.

Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.

Clint Kreitner is the founding President and CEO of The Center for Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/